search

adobkin / libcapn

A simple C Library for interact with the Apple Push Notification Service (APNs)
MIT License
100 stars 37 forks source link

Invalid checking certificate #26

Closed cuongtv51 closed 8 years ago

cuongtv51 commented 8 years ago

I just pull new code, and create 1 certificate for push voip (using PushKit), but when i run it, it log

[inf] Initializing SSL connection... [inf] Local certificate subject: UID=xxx.voip, CN=VoIP Services: xxx, OU=GH99A265HF, O=NGO LOC, C=US [inf] Local certificate issuer: C=US, O=Apple Inc., OU=Apple Worldwide Developer Relations, CN=Apple Worldwide Developer Relations Certification Authority [err] Invalid certificate. You are using a SANDBOX mode, but certificate was created for usage in PRODUCTION

I just check code, and see in file apn_ssl.c (line 219) you have check certificate subject CN, but i think do we need check this ? or may be apple has some new subject CN in future time.

ajayRam2020 commented 8 years ago

hi, any update on above issue. I am also facing the same issue while using pushkit.

adobkin commented 8 years ago

Yes, I fix it within several days

ajayRam2020 commented 8 years ago

Temporary workaround:

  1. Comment "if(cn) { ... }" statement from apn_ssl.c [line 233-248].
adobkin commented 8 years ago

I just check code, and see in file apn_ssl.c (line 219) you have check certificate subject CN, but i think do we need check this ? or may be apple has some new subject CN in future time.

Yes, comparing CN is bad way. Now, library checks extensions of certificate:

#define APN_CERT_EXTENSION_PRODUCTION "1.2.840.113635.100.6.3.2"
#define APN_CERT_EXTENSION_SANDBOX    "1.2.840.113635.100.6.3.1"